Official MailerLite Sign Up Forms < 1.4.5 - Multiple CSRF Issues



Description
Despite fixing the SQL injection, the plugin was still affected by CSRF issues, which could allow an attacker to make a logged in administrator edit, add, and delete arbitrary signup form views.

Affects Plugin

fixed in version 1.4.5

References

URL https://www.webarxsecurity.com/sql-injection-csrf-vulnerabilities-in-mailerlite-sign-up-forms-plugin/

Classification

Type CSRF
CWE CWE-352

Miscellaneous

Original Researcher Dave
Views 840
Verified No
WPVDB ID 10236

Timeline

Publicly Published 2020-05-25 (about 2 months ago)
Added 2020-05-25 (about 1 month ago)
Last Updated 2020-05-30 (about 1 month ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin